Using Private Registries With Replicated
As covered in the documentation, Replicated supports private images by configuring a connection to the private registry where they reside.
To configure the connection, go to Images and click on Add External Registry:
Generally speaking, the endpoint will be the same endpoint you would use to run
When connecting to a private registry, the syntax to login is:
$ docker login ADDRESS:PORT
And to pull any images, the syntax is:
$ docker pull [OPTIONS] ADDRESS:PORT[/PATH]/IMAGE_NAME[:TAG]
So for example, to login to some private registry I would run something like:
$ docker login registry.example.com:5000
And to pull an image from this registry I would run something like:
$ docker pull registry.example.com:5000/projects/app-image
So in the example above, the endpoint would be
The values for the
password fields will depend on the registry.
Below are instructions for some of the most common registries but for those that are not listed, a good rule of thumb is to provide the same values when running
Once Replicated and the Private Registry have been linked, you may need to update any defintion files to now pull images from this registry.
Amazon Elastic Container Registry (ECR)
To connect the Replicated Vendor Portal with Amazon ECR, you will need the following:
Username: AWS Access Key ID
Password: AWS Secret Key
AWS Access Key ID and
AWS Secret Key must be from a user with enough permissions to pull the nescessary images.
If having permissions to pull images from all repositories is OK, then using the Amazon-provided AmazonEC2ContainerRegistryReadOnly policy will suffice.
If you’d like to further limit the scope of which images the user is able to pull, please review this article.
Google Container Registry (GCR)
To connect the Replicated Vendor Portal with GCR, you will need the following:
<contents of JSON key file>
The JSON key file must be from a Service Account that has the Storage Object Viewer role:
To create the JSON key file, open the user record and select ADD KEY as shown below:
Copy the entire contents of the file and paste them into the Password field. Set the Username field to
For registries not listed here, please refer to the General Steps section.